RECORDS MANAGEMENT: A GOOD PRACTICE GUIDE FOR MEDICINES INFORMATION SERVICES

VERSION 1.1

Prepared by UKMi Clinical Governance Working Group

April 2007

RecordsManagementV1.1 last amended 8.3.07

RECORDS MANAGEMENT: A GOOD PRACTICE GUIDE

FOR MEDICINES INFORMATION SERVICES

1.0 /

Introduction

1.1 / Records management NHS Code of Practice 2006
Records management: NHS Code of Practice 5 April 2006
Part 1 ( )
Part 2 ( )
This Code of Practice is a guide to the required standards of practice in the management of records for those working within the NHS. It is based on current legal requirements and professional best practice.
1.2 / General context
1.2.1 / All NHS records are public records under the terms of the Public Records Act 1958 sections 3 (1-2).
The National Archives is the body responsible for advising on the management of all types of public records, including NHS records.
The Introduction to the National Archives’ Records Management: Standards and Guidance document states :
“A systematic and planned approach to the management of records within an organisation, from the moment the need for a record to be created is identified, through its creation and maintenance to its ultimate disposal, ensures that the organisation has ready access to reliable information. An organisation needs to maintain that information in a manner that effectively serves its own business needs, those of Government and of the citizen, and to dispose of the information efficiently when it is no longer required”.
1.2.2 / Records are a valuable resource because of the information they contain. High-quality information underpins the delivery of high-quality evidence-based healthcare and many other key service deliverables. Information has most value when it is accurate, up to date and accessible when it is needed. An effective records management service ensures that the information is properly managed and is available whenever and wherever there is a justified need for information, and in whatever media it is required. Information may be needed to :
  • support patient care and continuity of care

  • support day-to-day business which underpins delivery of care

  • support evidence-based clinical practice

  • support sound administrative and managerial decision making as part of the knowledge base for NHS services

  • meet legal requirements, including requests from patients under subject access provisions of the Data Protection Act or the Freedom of Information Act.

  • Assist clinical and other types of audit

  • Support improvements in clinical effectiveness through resource and also to support archival functions by taking account of the historical importance of material and the needs of future research

  • Support patient choice and control over treatment and services designed around patients

1.2.3 / Information Governance Framework : allows NHS organisations in England and individuals working within them to ensure that personal information is dealt with legally, securely, effectively and efficiently in order to deliver the best possible care to patients, clients and service users.
  • Allows the NHS to monitor and manage change by educating staff, developing Codes of Practice, helping organisations and individuals to understand the requirements of law and ethics in respect of information handling and the consequent need for changes to systems and processes.

  • Details the standards expected of all NHS staff with respect to protecting clinical records from damage, destruction and inappropriate disclosure

1.3 /

Legal and professional obligations

Annex C of the Code of Practice lists relevant legislation, standards and guidelines and professional Codes of Conduct.

2.0 /

Resources

2.1 / Information Governance Toolkit
The Information Governance Toolkit has been approved by health ministers and is used by the Healthcare Commission as part of the standard to audit NHS organisations against the new core standards. Organisations are required to register in order to complete the Information Governance Assessment.
2.2 / Roadmap
The Records ManagementRoadmap contains a range of practical tools and guidance, including a knowledge base and templates designed to support organisations in the implementation of principles contained in the Records Management NHS Code of Practice. These include:
  • A records management policy

  • A records management strategy

  • A records inventory survey template

Additional material will be released as it becomes available.
The Roadmap is available electronically via
2.3 / Glossary of Record Management Terms
This can be found in Part 1 of the Code of Practice
( )
3.0 /

NHS Records Management

3.1 / Aims of Code of Practice
  • To establish an information governance framework for NHS records management in relation to the creation, use, storage, management and disposal of all types of records

  • To clarify the legal obligations that apply to NHS records

  • To explain the actions required by Chief Executives and other managers to fulfil these obligations

  • To explain the requirements to select records for permanent preservation

  • To set out recommended minimum periods for retention of all types of NHS records, regardless of the media on which they are held and to indicate where further information on records management may be found.

3.2 / Responsibility
3.2.1 / The records management function should be recognised as a specific corporate responsibility within each NHS organisation and should provide a managerial focus for records of all types and in all formats. It should have clearly defined responsibilities and objectives and adequate resources to achieve them. A designated member of staff of appropriate seniority should have lead responsibility for records management within the organisation.
All staff must be appropriately trained so that they are fully aware of their personal responsibilities in respect of record keeping and management and that they are competent to carry out their designated duties. This should include training of staff in the use of electronic records systems. It should be done through both generic and specific training programmes, complemented by organisational policies and procedures and guidance documentation.
3.2.2 / Individual responsibility
Under the Public Records Act, all NHS employees are responsible for any records they create or use in the course of their duties. Any records created by an employee of the NHS are public records and may be subject to both professional and legal obligations.
3.3 / Policy and Strategy
Each NHS organisation should have in place an overall policy statement on how it manages all of its records, including electronic records. The statement should be endorsed by the Board and made readily available to staff at all levels of the organisation, both on induction and through regular update training.
The policy should :
Set out an organisation’s commitment to create, keep and manage records and document its principal activities in this respect.
Outline the role of records management within the organisation
Define roles and responsibilities within the organisation, including the responsibility of individuals to document their actions and decisions in the organisation’s records and to dispose of records appropriately when they are no longer required
Provide a framework for supporting standards, procedures and guidelines
Indicate the way in which compliance with the policy and its supporting standards, procedures and guidelines will be monitored and maintained
The policy statement should be reviewed at regular intervals (at least once every 2 years) and, if appropriate, it should be amended to maintain its currency and relevance.
3.4 /

Record Creation

Each operational unit of an NHS organisation should have in place a process for documenting its activities in respect of records management. This should take into account the legislative and regulatory environment in which the unit operates.
Records of operational activities should be complete and accurate in order to allow employees and their successors to undertake appropriate actions in the context of their responsibilities, to facilitate an audit of the organisation by anyone so authorised, to protect legal and other rights of the organisation, its patients, staff and any other affected by its actions and provide authentication of the records so that evidence derived from them is shown to be creditable and authoritative.
Records created by the organisation should be arranged in a record-keeping system that will enable the organisation to obtain maximum benefit from the quick and easy retrieval of information.
Examples from MI practice: / Action Point
Obtain copy of Trust guidance on records
management
Enquiries (MI Databank) and attachments
Comments on PGDs/guidelines
Training records
SOPs
Subscriptions, invoices
Memos
D&T minutes, other minutes
Bulletins and other publications
e-mails
COSHH assessments
Personnel records, IPR records
Correspondence
Faxes
Order forms
3.5 /

Information Quality Assurance

It is important that all NHS organisations train staff appropriately and provide regular update training. In the context of records management and information quality, organisations need to ensure that their staff are fully trained in record creation, use and maintenance, including an understanding of:
  • What they are recording and how it should be recorded

  • Why they are recording it

  • How to validate information with the patient/carer or against other records to ensure that staffing are recording correct data

  • How to identify and correct errors and how to report errors

  • Use of information – so staff understand what records are used for (and therefore why timelines, accuracy and completeness of recording is so important)

  • How to update information and add in information from other sources

Examples from MI practice: / Action points
Include in induction programme for new/rotational staff
Update sessions as appropriate
IRMIS
Peer review
Internal review/external audit
SOPs
Training/induction/unit meetings
Critical appraisal/evaluation
Essential resources
SSPs
3.6 /

Record Keeping

Implementing and maintaining an effective records management service depends on knowledge of what records are held, where they are stored, who manages them, in what format(s) they are made accessible, and their relationship to organisational functions. An information survey or record audit is essential to meeting this requirement.
Paper and electronic record keeping systems should contain descriptive and technical documentation to enable the system to be operated efficiently and the records held in the system to be understood.
The record keeping system, whether paper or electronic, should include an easily understandable, documented set of rules for referencing, titling, indexing and, if appropriate, the protective marking of records.
Examples from MI practice: / Action points
Establish baseline lists of
departmental records
Update as necessary
Consider SOP for record keeping
MI Databank for queries
Filing – paper/electronic e.g. e-Drawer
Accessibility – password protection
3.7 /

Record Maintenance

The movement and location of records should be controlled to ensure that a record can be easily retrieved at any time, that any outstanding issues can be dealt with, and that there is an auditable trail of record transactions.
Storage accommodation for current records should be clean and tidy, should prevent damage to the records and should provide a safe working environment for staff.
For records in digital format, maintenance in terms of back-up and planned migration to new platforms should be designed and scheduled to ensure continuing access to readable information.
Equipment used to store current records on all types of media should provide storage that is safe, secure from unauthorised access and which meets health and safety and fire regulations, but which also allows maximum accessibility of the information commensurate with its frequency of use.
When paper records are no longer required for the conduct of current business, their placement in a designated secondary storage area may be a more economical and efficient way to store them. Procedures for handling records should take full account of the need to preserve important information and to keep it confidential and secure.
There should be archiving policies and procedures in place for both paper and electronic records.
A contingency or business continuity plan should be in place to provide protection for all types of records that are vital to the continued functioning of the organisation.
Examples from MI practice: / Action points
Consider SOP for archiving of paper and electronic records
Ensure back-up arrangements for records in
digital format
Ensure safe and secure storage for records
MI Databank audit trail
Storage of paper records/scanned data
Access controlled
Storage meets Trust requirements
Fireproof safe for essential data
Regular back-up of vital data
3.8 /

Scanning

For reasons of efficiency or to address problems with storage space, NHS organisations may consider the option of scanning into electronic format records which exist in paper format. Where this is proposed, factors to be taken into account include:
  • The costs of initial and then any later media conversion to the required standard, bearing in mind the length of the retention period for which records are required to be kept

  • The need to protect the evidential value of the record by copying and storing the record in accordance with British Standards, in particular, the “Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically” (BIP 0008).

To fully realise the benefits of reduced storage requirements and business efficiency, organisations should consider disposing of paper records that have been copied into electronic format and stored in accordance with appropriate standards.
Examples from MI practice: / Action points
Ensure storage medium is accessible within
timeframe that data will be needed
Disposal arrangements for paper documents
copied onto electronic format meet Trust
requirements
Past queries
Correspondence
Minutes
Training records
Personnel data
Specification of scanner
Continued access to data with changing technologies
3.9 /

Disclosure and Transfer of Records

There are a range of statutory provisions that limit, prohibit or set conditions in respect of disclosure of records to third parties and a range of provisions that require or permit disclosure. The key statutory requirements can be found in Annex C
( )
Caldicott Guardians or their support staff should be involved in any proposed disclosures of confidential patient information. Data Protection Officers may be able to advise on subject access requests by members of the public.
Further advice can be found in the Information Governance Toolkit.

Mechanisms for transferring from one organisation to another should also be tailored to the sensitivity of the material contained in the records and the media on which they are held (see Information Governance Toolkit).
Examples from MI practice: / Action points
SOP re 3rd party enquiries/police, parents etc
Prepare guidance on who can legitimately request data
Consult Data Protection Officer
MI Databank – sharing patient details
Guidelines/protocols/formulary data – transfer between Trusts/other organisations
Security of data
e-mails and faxes
3.10 /

Retention and Disposal arrangements

Detailed guidance on retention periods for a full range of NHS personal health ( and different types of business and corporate records ( is found in Annex D.
It is important, under freedom of information legislation, that disposal of records (defined as the point in their life cycle whey they are either transferred to an archive or destroyed)
is undertaken in accordance with clearly established policies which have been formally adopted by the organisation and which are enforced by properly trained and authorised staff.
Examples from MI practice: / Action points
Check Trust policy
Local SOP
Purchasing orders
Past queries
Drug alerts
Correspondence
3.11 / Record Closure
Records should be closed (i.e made inactive and transferred to secondary storage) as soon as they have ceased to be in active use, other than for reference purposes. An indication that a file of paper or electronic records has been closed, together with the date of closure, should be shown on the record itself as well as noted in the index or database of files/folders.
Examples from MI practice: / Action point
Local SOP
MI Databank records record closure for queries
Marking files “closed” e.g. personnel who have left, old minutes, training records
3.12 /

Record Disposal

A record of the destruction of records showing their reference, description and date of destruction should be maintained and preserved, so that the organisation is aware of those records that have been destroyed and are therefore no longer available. Disposal schedules would constitute the basis of such a record.
If a record due for destruction is known to be the subject of a request for information or potential legal action, destruction should be delayed until disclosure has taken place or if the authority has decided not to disclose the information until the complaint and appeal provisions of the Freedom of Information Act have been exhausted or the legal process completed.
Records (including copies) not selected for archival preservation and which have reached the end of their administrative life, should be destroyed in as secure a manner as is appropriate to the level of confidentiality or protective markings they bear. This can be undertaken on site or via an approved contractor.
It is the responsibility of the NHS organisation to ensure that the methods used throughout the destruction process provide adequate safeguards against accidental loss or disclosure of the contents of the records. Contractors, if used, should be required to sign confidentiality undertakings and to produce written certification as proof of destruction. A British Standard Code of Practice for the secure destruction of confidential material was published in April 2006.

Examples from MI practice: / Action points
Local procedure for pregnancy and paediatric queries
Check Trust procedure
Letters, queries, orders, minutes, training records, user surveys, audits, incident reports, complaints
3.13 / Electronic record audit trails
Typically, the audit trail will include information on:
  • Who – identification of the person creating, changing or viewing the record
  • What – details of the data entry or what was viewed
  • When – date and time of the data entry or viewing
  • Where – the location where the data entry or viewing occurred

Audit trails are important for medico-legal purposes as they enable the reconstruction of records at a point in time. Without its associated audit trail, there is no reliable way of confirming that an entry is a true record of an event of intervention.
NHS Connecting for Health is considering the impact of the retention of audit trail data e.g whether it should be retained for at least the same period as the data to which it relates.
Examples from MI practice:
MI Databank for queries

RECORDS MANAGEMENT : A GOOD PRACTICE GUIDE